Small businesses suffer from theft of data

Small businesses have called for tougher criminal ­penalties for former employees who steal or leak sensitive company information, as experts warned that ­millions in losses had arisen from increased data theft since the global financial crisis.

Figures from research firm Ponemon showed data theft has continued to be a major pain point for all businesses, with insiders – former employees or contractors – responsible for a third of all information breaches last year. These breaches were the result of either an employee’s negligence, or malicious attempts to siphon data from the business for personal gain.

The Australian businesses surveyed by Ponemon spent an average of $US2.27 million last year dealing with these breaches. Data theft investigators and security consultants said incidents had increased since the global economic downturn, particularly in the construction sector, as employees became desperate to win contracts or personally benefit from the business.

One consultant said the “law is silent" on corruption and data leakage in the private sector.

While businesses have traditionally relied on ­chasing former employees through courts for breach of contract, small businesses said they could not afford the costs or time involved in civil proceedings. “It’s not being reported, but it’s something the government should look at because it’s going to become a bigger problem as more people purchase online," said Peter Strong, executive director of the Council of Small Businesses of Australia.

Advertisement

Related Quotes

The calls come after a recent enquiry into UK media, conducted by Lord Justice Brian Leveson, recommended the British government implement a two-year prison sentence for those involved in the “black market" of distributing private and personal data.

The Australian government is considering a right to sue those who have caused a “serious invasion" of privacy, but is yet to commit to any legislative change. The breaches could leave affected companies liable for million-dollar fines under privacy reforms passed through Parliament last month.

Security and legal experts, as well as those companies affected, say the end result leaves employees feeling invincible to legal threat or recourse.

King & Wood Mallesons partner John Swinson acknowledged small businesses could have a hard time proving theft of data, which in many cases constituted the “crown jewels" of the business. “People realise ‘if I take money out of the till or steal a computer’ that’s the wrong thing to do. But some people think that taking a copy of data or intellectual property is not harming anyone, that there is no law preventing it or you’ll never get caught, when in fact that’s not the case," he said.